Puppet Cheat Sheet

See also See also Mcollective

Puppet CLI

Puppet 2/3 Master

Enable debugging: Add to /etc/puppet/rack/config.ru

ARGV << "--debug"

and restart the Passenger.

Hiera

Hiera Queries

On Puppet master:

hiera <key>		# to query common.yaml only
hiera <key> -m <FQDN>	# to query config of a given node (using mcollective)
hiera <key> -i <FQDN>	# to query config of a given node (using Puppet inventory)
hiera <key> environment=production fqdn=myhost1   # to pass values for hiera.yaml

# To dump complex data
hiera -a <array key>
hiera -h <hash key>

Encryption with eyaml

eyaml encrypt -f <filename>
eyaml encrypt -s <string>
eyaml encrypt -p      # Encrypt password, will prompt for it

eyaml decrypt -f <filename>
eyaml decrypt -s <string>

eyaml edit -f <filename>    # Decrypts, launches in editor and reencrypts

Debugging eyaml Problems

See Hiera EYAML GPG Troubleshooting

Hiera+Puppet Debugging

puppet apply -e "notice(hiera_array('some key'))"

Puppet DSL

Snippets

notify { 'message': loglevel => 'err' }

Check for file

if file_exists('somefile.txt') == 1 { }

Execute commands (evil!)

exec { "mkdir -p $dir":
    command => "/bin/mkdir -p $dir",
    creates => $dir
}

Merging Arrays

$result = split(inline_template("<%= (array1+array2).join(',') %>"),',')

Exceptions

fail('This is a parser time error')

Conditions

if $var == 'value' {
}

case $::lsbdistcodename {
	'squeeze': {
        }
        'wheezy', 'jessie': {
        }
        default {
        }
}

ERB Syntax

ERB Tags

<%= ruby code, result inserted %>
<% ruby code, result not inserted %>	# use for loops, conditions...
<%- like above, but strips leading+trailings spaces from output -%>
<%# comment %>

<%%	# literal <%
%%>	# literal %>

Using Variables

<%= @name %>				# variable visible in current scope
<%= scope.lookupvar('name') %>		# search in all scopes
<%= scope['somewhere::name'] %>		# Puppet 3 scope access

Conditions

<% if @name != nil %>
   Well, @name is set!

   When checking if a variable exists/is set 
   always do check for nil! Everything else is unsafe.
<% end %>
<% if @name ~ /.* Smith$/ %>
   Matches
<% end %>

Augeas

Augeas - in Puppet: Using Puppet with Augeas

augeas { "sshd_config":
 changes => [
 "set /files/etc/ssh/sshd_config/PermitRootLogin no",
 ],
}

Testing

Misc